
dc.contributor.advisor: Balakrishnan, N
dc.contributor.advisor: Singh, Virendra
dc.contributor.author: Kumar, Pawan
dc.date.accessioned: 2014-06-05T07:13:39Z
dc.date.accessioned: 2018-07-31T05:09:06Z
dc.date.available: 2014-06-05T07:13:39Z
dc.date.available: 2018-07-31T05:09:06Z
dc.date.issued: 2014-06-05
dc.date.submitted: 2012
dc.identifier.uri: https://etd.iisc.ac.in/handle/2005/2321
dc.identifier.abstract: http://etd.iisc.ac.in/static/etd/abstracts/2985/G25266-Abs.pdf [en_US]
dc.description.abstract: The rampant growth of the Internet has been coupled with an equivalent growth in cyber crime over the Internet. With our increased reliance on the Internet for commerce, social networking, information acquisition, and information exchange, intruders have found financial, political, and military motives for their actions. Network Intrusion Detection Systems (NIDSs) intercept the traffic at an organization’s periphery and try to detect intrusion attempts. Signature-based NIDSs compare each packet to a signature database consisting of known attacks and malicious packet fingerprints. The signatures use regular expressions to model these intrusion activities. This thesis presents a memory-efficient pattern matching system for the class of regular expressions appearing frequently in NIDS signatures. The proposed Cascaded Automata Architecture is based on two-stage automata. The first stage recognizes the sub-strings and character classes present in the regular expression. The second stage consumes the symbols generated by the first stage upon receiving input traffic symbols. The basic idea is to utilize the research done on the string matching problem for regular expression pattern matching. We formally model the class of regular expressions mostly found in NIDS signatures. The challenges involved in using string matching algorithms for regular expression matching have been presented. We introduce length-bound transitions, counter-based states, and associated counter arrays in the second-stage automata to address these challenges. The system uses length information along with counter arrays to keep track of overlapped sub-strings and character-class-based transitions. We present efficient implementation techniques for counter arrays. The evaluation of the architecture on practical expressions from the Snort rule set showed compression in the number of states of between 50% and 85%. Because of its smaller memory footprint, our solution is suitable both for software-based implementations on network chips and for FPGA-based designs. [en_US]
dc.language.iso: en_US [en_US]
dc.relation.ispartofseries: G25266 [en_US]
dc.subject: Access Control (Computer Networks) [en_US]
dc.subject: Cryptography [en_US]
dc.subject: Network Intrusion Detection System [en_US]
dc.subject: Computer Security [en_US]
dc.subject: Cyber-attack [en_US]
dc.subject: Network Intrusion Detection - Regular Expression Pattern Matching [en_US]
dc.subject: Cascaded Automata Architecture [en_US]
dc.subject: Deterministic Finite Automata [en_US]
dc.subject: Network Intrusion Detection - Memory Efficient Algorithms [en_US]
dc.subject: Network Intrusion Detection System Signatures [en_US]
dc.subject: Network Intrusion Detection Systems (NIDS) [en_US]
dc.subject: Modified Word-based NFA (M-WNFA) [en_US]
dc.subject: Network Security [en_US]
dc.subject: Pattern Matching [en_US]
dc.subject.classification: Computer Science [en_US]
dc.title: Memory Efficient Regular Expression Pattern Matching Architecture For Network Intrusion Detection Systems [en_US]
dc.type: Thesis [en_US]
dc.degree.name: MSc Engg [en_US]
dc.degree.level: Masters [en_US]
dc.degree.discipline: Faculty of Engineering [en_US]

